WIXLIB

Future Proof Your SysAdmin CareerFor today’s system administrators, gaining competencies that movethem up the technology stack and broaden their skillsets is increasinglyimportant. However, core skills like networking remain just as crucial.In this chapter, we’ll focus on another core skill: security.With ever more impactful security threats emerging, the demand for fluencywith network security tools and practices is increasing for sysadmins. Thatmeans understanding everything from the Open Systems Interconnect (OSI)model to devices and protocols that facilitate communication across a network.Locking down systems also means understanding the infrastructureof a network, which may or may not be Linux-based. In fact, many oftoday’s sysadmins serve heterogeneous technology environments wheremultiple operating systems are running. Securing a network requirescompetency with routers, firewalls, VPNs, end-user systems, serversecurity, and virtual machines.TOP SECURITY SKILLS for Open Source ProsNetwork SecurityFirewalls, VPN, CheckPoint,IPS, Python and Apache PigInformation SecurityVulnerability and riskmanagement tools (NIST) andintrusion detection systemsNetwork andWeb-Related ProtocolsTCP/IP, routing, firewalls, etc.Securing systems and networks calls for varying skillsets dependingon platform infrastructure, as is clear if you spend just a few minutesperusing, say, a Fedora security guide or the Securing Debian Manual.12

Future Proof Your SysAdmin CareerHowever, there are good resources that sysadmins can leverage to learnfundamental security skills.For example, The Linux Foundation has published a Linux workstationsecurity checklist that covers a lot of good ground. It’s aimed atsysadmins and includes discussion of tools that can thwart attacks.These include SecureBoot and Trusted Platform Module (TPM). For Linuxsysadmins, the checklist is comprehensive.The widespread use of cloud platforms such as OpenStack is also introducingnew requirements for sysadmins. According to The Linux Foundation’sGuide to the Open Cloud: “Security is still a top concern among companiesconsidering moving workloads to the public cloud, according to Gartner,despite a strong track record of security and increased transparency fromcloud providers. Rather, security is still an issue largely due to companies’inexperience and improper use of cloud services,” and a sysadmin withdeeply entrenched cloud skills can be a valuable asset.Most operating systems and widely used Linux distributions feature timelyand trusted security updates, and part of a good sysadmin’s job is to keepup with these. Many organizations and administrators shun spin-off and“community rebuilt” platform infrastructure tools because they don’t havethe same level of trusted updating.Network challengesNetworks, of course, present their own security challenges. The smallestholes in implementation of routers, firewalls, VPNs, and virtual machinescan leave room for big security problems. Most organizations are strategicabout combating malware, viruses, denial-of-service attacks, and othertypes of hacks, and good sysadmins should study the tools deployed.Freely available security and monitoring tools can also go a long way towardavoiding problems. Here are a few good tools for sysadmins to know about:13

Future Proof Your SysAdmin CareerFor a lot of these tools, sysadmins can pick up skills by leveraging free onlinetutorials. For example, there is a whole tutorial series for Metasploit, andthere are video tutorials for Wireshark.Wireshark, apacket analyzer forsysadminsKeePass PasswordSafe, a free opensource passwordmanagerMalwarebytes, afree anti-malwareand antivirus toolNMAP, a powerfulsecurity scannerNIKTO, an opensource web serverscannerAnsible, a tool forautomating secure ITprovisioningMetasploit, a tool forunderstanding attackvectors and doingpenetration testingAlso on the topic of free resources,we’ve previously covered a freeebook from the editors at TheNew Stack called Networking,Security & Storage with Docker& Containers. It covers thelatest approaches to securecontainer networking, as wellas native efforts by Docker tocreate efficient and securenetworking practices. The ebookis loaded with best practices forlocking down security at scale.Training and certification, ofcourse, can make a huge differencefor sysadmins as we discussedin “7 Steps to Start Your LinuxSysadmin Career.”For Linux-focused sysadmins,The Linux Foundation’s LinuxSecurity Fundamentals (LFS216)is a great online course forgaining well-rounded skills. Theclass starts with an overviewof security and covers howsecurity affects everyone inthe chain of development,implementation, andadministration, as well as end14

Future Proof Your SysAdmin Careerusers. The self-paced course covers a wide range of Linux distributions,so you can apply the concepts across distributions. The Foundation offersother training and certification options, several of which cover securitytopics. For example, LFS201 Essentials of Linux System Administrationincludes security training.Also note that CompTIA Linux incorporates security into training options,as does the Linux Professional Institute. Technology vendors offer somegood choices as well; for example, Red Hat offers sysadmin trainingoptions that incorporate security fundamentals. Meanwhile, Mirantis offersthree-day “bootcamp” training options that can help sysadmins keep anOpenStack deployment secure and optimized.In the 2016 Linux Foundation/Dice Open Source Jobs Report, 48 percentof respondents reported that they are actively looking for sysadmins. Jobpostings abound on online recruitment sites, and online forums remaina good way for sysadmins to learn from each other and discover jobprospects. So the market remains healthy, but the key for sysadmins is togain differentiated types of skillsets. Mastering hardened security is surelya differentiator, and so is moving up the technology stack—which we willcover in the next chapters.15

4Looking to theCloud16

Future Proof Your SysAdmin CareerSysadmins will always need core competencies such as networkingand security, but increasingly, they can differentiate themselvesby mastering new platforms and tools. In today’s environment,experience with open cloud computing platforms such as OpenStackcan make a huge difference for a sysadmin.The cloud advantageExperience with emerging cloud infrastructure tools and open sourcetechnologies can make a substantial compensation difference forsysadmins. According to a salary study from Puppet, “Sysadmins aren’tmaking as much as their peers. The most common salary range forsysadmins in the United States is 75,000- 100,000, while the four othermost common practitioner titles (systems developer/engineer, DevOpsengineer, software developer/engineer, and architect) are most likely toearn 100,000– 125,000.”If you search recruitment sites for sysadmin positions that demand cloudskills, opportunities abound. There are many positions that require strongcloud monitoring skills, and jobs that demand facility with both open sourceand popular public cloud platforms.Certification also makes adifference. The value of cloudcentric certification is being drivenby shortages in the number ofskilled cloud-skilled professionals.CEB, a company focused on bestpractices in technology, recently“Experience with emergingcloud infrastructuretools and open sourcetechnologies can make asubstantial compensationdifference for sysadmins.”17

Future Proof Your SysAdmin Careerprovided Forbes with the results of a database dive on cloud computinghiring trends. It found shortages in expertise surrounding many cloudcomputing platforms, and it also called out a strong job market for skilledprofessionals. In fact, 124,300 was the median advertised salary forcloud computing professionals in 2016, according to the database. 124,000The medianadvertised salaryfor cloud computingprofessionals in2016.Source: CEBSome sysadmins are blogging about their experiences in addingOpenStack skills to their arsenals. For example, Michalis Giannos, writingfor Stackmasters, said, “As an old-school system administrator, whatimpressed me about OpenStack is that it extends resource managementover to storage and network — that is, going beyond the CPU and memorymanagement options that you get with the typical virtual machine offerings.Having a unified view of your computing resources utilization, and havingthe ability to manage it from a single place is a very powerful feature. Andit’s especially mind blowing, even to an old hat like me, raised up on the CLI,that you can access all that power from an easy to use web-based UI.”Giannos also said, “The ease of creating images and customized flavorsof your virtual machines allows you to deploy a new server in minuteswithout having to repeat trivial configurations all over again. Heck, you canliterally create an HTTP Load Balancer AND the back-end service farm forit in just a few minutes.”Indeed, OpenStack, CloudStack, Nextcloud, and some other open cloudplatforms automate and streamline many tasks that old school sysadminsmay be most familiar with. With all of this in mind, providing cloud platformtraining aimed directly at sysadmins is on the radar at technology vendorsfocused on the cloud and at independent training organizations.18

Future Proof Your SysAdmin CareerThe Linux differenceFluency with Linux can make a big difference for sysadmins, whichshould be no surprise. Several salary studies have shown that Linuxsavvy sysadmins are better compensated than others. With that in mind,note that Linux is the bedrock for the majority of cloud deployments,according to The OpenStack Foundation.This leads to a multi-faceted career path that many sysadmins can taketo differentiate themselves from the pack. In fact, Tom’s IT Pro has calledthis path “the triple threat career path to IT success.” Specifically, itinvolves obtaining certification as a Linux-savvy sysadmin, as a projectmanager, and as a cloud administrator.Training options for Linux-focused sysadmins are expanding accordingly.For professional certification, CompTIA Linux is an option, as arecertifications from Linux Professional Institute. The Linux Foundation’sLinux Foundation Certified System Administrator (LFCS) training andcertification is another good choice.Earning the title of Red Hat Certified System Administrator in Red HatOpenStack demonstrates that you have the skills needed to create,configure, and manage private clouds using Red Hat OpenStackPlatform. Red Hat’s training for this certification covers configuring andmanaging images, adding compute nodes, and managing storage usingSwift and Cinder.Mirantis and other vendors also offer certified OpenStack administratorcurriculum. The Linux Foundation offers an OpenStack AdministrationFundamentals course, which serves as preparation for certification. Thecourse is available bundled with the COA exam, enabling students tolearn the skills they need to work as an OpenStack-skilled administratorand get the certification to prove it. A unique feature of the course isthat it provides each participant with a live OpenStack lab environment19

Future Proof Your SysAdmin Careerthat can be rebooted at any time. Customers also have access to thecourse and the lab environment for a full 12 months after purchase. Likethe exam, the course is available anytime, anywhere. It is online and selfpaced — definitely worth looking into.The OpenStack Foundation works directly with The Linux Foundationto make the Certified OpenStack Administrator (COA) exam available,and getting certified is a rock solid credential for many sysadmins. TheGuide to the Open Cloud 2016 from The Linux Foundation also includesa comprehensive look at other cloud platforms and tools that manysysadmins would be wise to pick up skills for, including tools that orbit theopen cloud ecosystem.Clearly, sysadmins interested in adding meaningful skills and credentialsto their arsenals shouldn’t ignore the cloud. Training and certificationopportunities are proliferating, and widespread skills shortages are welldocumented. In the next chapter, we’ll take a closer look at configurationand automation.20

5ConfigurationandAutomation21

Future Proof Your SysAdmin CareerSystem administrators looking to differentiate themselves fromthe pack are increasingly getting cloud computing certificationor picking up skills with configuration management tools. FromPuppet to Chef to Ansible, powerful configuration managementtools can arm sysadmins with new skills such as cloud provisioning,application monitoring and management, and countless types ofautomation.TOP 3 DevOps SkillsConfigurationManagement ToolsChef, Puppet & AnsibleCloud ComputingOpenStackProgrammingLanguagesRuby, Python, Java & PerlConfiguration management platforms and tools have converged directlywith the world of open source. In fact, several of the best tools are fullyfree and open source. From server orchestration to securely deliveringhigh-availability applications, open source tools such as Chef and Puppetcan bring organizations enormous efficiency boosts.The prevalence of cloud computing, and the open platforms thatfacilitate it, have contributed to the benefits organizations can reap fromconfiguration management tools. Cloud platforms allow teams to deployand maintain applications serving thousands of users, and the leadingopen source configuration management tools have integrated ways toautomate all relevant processes.22

Future Proof Your SysAdmin CareerWhen many people envision a“.automated provisioningsysadmin in action, they imagineand configuration canan interaction with an end user.result in time savings andHowever, as organizations moveto the cloud and heterogeneousreduce human error.”technology infrastructureenvironments, many sysadmins need to expand their skills. Today,automation of tasks and application delivery are big themes. Among otherbenefits, automated provisioning and configuration can result in timesavings and reduce human error.Tools for the taskPuppet and Chef are both open configuration management tools that canautomate many common tasks. As noted in an UpGuard blog post, “Itis frequently stated that Puppet is a tool that was built with sysadmins inmind. The learning curve is less imposing due to Puppet being primarilymodel driven. Getting your head around JSON data structures in Puppetmanifests is far less daunting to a sysadmin who has spent their life at thecommand line than ruby syntax is.”Puppet can automate many sysadmin tasks, including deploying newmachines, pushing changes out to existing systems, and performingverification checks. Chef, however, is noted for providing a great dealof power and flexibility. It automates the management of systems in thecloud, on-premises, or in a hybrid environment.So, how can sysadmins gain familiarity with these tools? Puppet andChef have commercial enterprises behind them, and flexible trainingoptions are available. For example, if you just want to take Puppet for atest drive within a virtual machine, you can do so here; instructor-led andonline training options are detailed there as well. You can chart a learningroadmap for Puppet here.23

Future Proof Your SysAdmin CareerRed Hat and other vendors also offer training options for Puppet as usedin a standard operational environment or in a cloud environment. Red Hatalso offers training for Ansible, and the curriculum is specifically gearedtoward sysadmins who need to automate, configure, and manage systemsand processes. In-person or online training options for Chef can be foundhere, and you can sample some of the online tutorials here.The Linux Foundation’s “Guide to the Open Cloud: Current Trends andOpen Source Projects” includes a comprehensive section on configurationmanagement tools, and you can find out more and visit some relevantopen source project repositories here.Sysadmins who add cloud and configuration management skills to theirtoolkits are keeping pace with rapidly changing technology environments.These aren’t the only ways to expand your skills, though. In the nextchapter, we will look at the importance of DevOps.24

6EmbracingDevOps25

Future Proof Your SysAdmin CareerSysadmins are increasingly looking to expand their skillsets andcarve out new opportunities. With that in mind, many sysadmins arelooking to the world of DevOps. At lots of organizations, DevOpshas emerged as the most effective method for application delivery,including in the cloud.One of the drivers of the DevOps“The line between hardwaremovement is that organizationsand software is blurrier thansimply have limits on the numberof IT staffers, sysadmins, andit used to be.”developers that they can employ.Cross-pollination of traditional skillsets makes good business sense. And,as Jeff Cogswell has noted, “The line between hardware and software isblurrier than it used to be.”Cogswell also laid out a good recipe for what specific skills to master inorder to meet DevOps goals:DEVOPS SKILLS to MasterVirtualizationEmerging OpenCloud ent Tools Learn what virtualization is and how, through software alone,you can provision a virtual computer and install an operatingsystem and a software stack.26

Future Proof Your SysAdmin Career Study emerging open source platforms and frameworks, suchas OpenStack. Learn network virtualization. Learn to use configuration management tools, such as Puppetand Chef.All of these pursuits can help sysadmins appeal to organizationslooking to create more collaborative and efficient working environments.Additionally, as mentioned earlier, fluency and facility with emerging cloud,virtualization, and configuration management tools can make a substantialcompensation difference for sysadmins.Training optionsSysadmins interested in becoming more fluent with DevOps skills andpractices can start by exploring Dice’s Skills Center. A look there makes itclear that skillsets surrounding configuration management tools, containers,and open platforms are much in demand. Savvy sysadmins can combineexisting competencies with these skillsets and move the needle.Flexible training options are available for these tools. For example, if youjust want to take Puppet for a test drive within a virtual machine, you cando so here, or there are instructor-led and online training options detailedon the same page. For example, you can chart a learning roadmap forPuppet, find in-person or online training options for Chef, or sample someof the available online tutorials.A great way to learn more about cloud skills is to open an account onAmazon Web Services and work with EC2 technology. OpenStacktraining options also abound. The Linux Foundation, for example, offersan OpenStack Administration Fundamentals course, which serves aspreparation for certification. The course is available bundled with theCOA exam, enabling students to learn the skills they need to work as anOpenStack-skilled administrator and get the certification to prove it.27

Future Proof Your SysAdmin CareerThe Guide to the Open Cloud 2016 from The Linux Foundation alsoincludes a comprehensive look at other cloud platforms and tools thatmany sysadmins would be wise to pick up. Mirant

Training options for Linux-focused sysadmins include a variety of networking courses. For sysadmins, CompTIA Linux offers solid training options, as does the Linux Professional Institute. The Linux Foundation Certified System Administrator (LFCS) course is another good choice. The Linux